​On December 2nd, 2015, 14 people were killed and 22 more were seriously injured when Syed Rizwan Farook and his wife, Tashfeen Malik opened fire and tried to engage a bomb at a San Bernardino County Department of Public Health training event and holiday party of about 80 employees in a rented banquet room in San Bernardino. Both fled the scene and were killed four hours later in a shootout.

There is no question of their guilt, but as a result of the investigation, the situation right now is that the FBI wants the information on the the dead terrorist Farook’s iPhone. They have a warrant to search the phone and - because it was Farook’s work phone - they also have obtained permission to do so from his employer. The problem is, unless they hack it with the skills of the best black hat there ever was, it is likely that the data on the phone will be erased automatically when they fail too many times to crack his access code to the phone.

Enter Apple and the judge

The big news in all of this is that a judge is “asking” Apple to help hack the phone. Farook, the male shooter, used an Apple iPhone 5c running Apple’s iOS 9 iPhone operating system. The issue isn’t whether the FBI or law enforcement is entitled to search the phone. They definitely are. The issue is can they – or should they be able to – force the phone’s manufacturer to create a way into the phone for them so they don’t risk losing whatever data is on the phone. Apple says, “no way” because they know that it will set a precedent and they will be asked to do this many times over in future terrorist investigations or law enforcement situations. And they are wise in stating that once they have created that backdoor code into the phone, everyone is at risk because that code is only as safe as the protection around it. As we all know – if you read my articles and listen to those skilled hackers at the annual Black Hat conferences here in Las Vegas and around the world – every thing is hackable. Period. Even the protection surrounding the hacking code.

Should they or shouldn’t they – and the potential risks?

Does this concern you? It does concern me. I felt one way about it this morning, but as of now I feel differently after gathering more information about the situation. What was originally a terrorist action leading to 14 deaths could now become a cybercrime situation if the code gets into the wrong hands. And there are relatively easy ways that hackers can get the code onto your phone – even without you knowing it and likely in public places where you use unsecured networks like Starbucks, other coffee shops, buses and restaurants, etc. And it would be completely invisible and unknown to you. All that has to happen is for the code used to get into the terrorist’s phone to fall into the wrong hands…either through someone on the inside or a very good hacker…and this one-off move to get terrorist info could become an identity theft epidemic.

My thoughts / call for input

So, my opinion is this…Apple should not comply with the judge’s request. They are refusing to comply and they should stand firm in that refusal, in my best opinion. And I just read that Google is standing with Apple on that decision.

What’s your take? How do you feel about this? Should Apple comply? Should they be forced to comply (if that is an option)? Please share your thoughts and let’s discuss.

Comments are closed.

Search this entire blog:

Authors:

Brad Egeland

Brad Egeland has over 25 years of professional IT experience as a developer, manager, project manager, consultant and author. He has written more than 6,000 expert online articles, eBooks, white papers and video articles for clients worldwide. If you want Brad to write for your site, contact him.